FF Hijack/Google + Random Search Engine Referrals



#1 shegetsby


Posted 06 November 2009 - 02:52 PM

I've already reformatted, pulled out my hair, screamed, shirked, etc etc etc. To no avail, of course, because I have a terminal illness: my computer is sick.

I keep getting random browser redirects/Google hijacks to websites like this one (I did a random search for SAS):

http://avabon.com/se.php?rm=1&uid=&....PERANTISPYWARE

Sometimes to other sites too, like the productdepot.com. Or another random search engine.

I had AVG 9-full, but after I reformatted, decided not to reinstall. So right now I am running Avira (that won't update for current problems, for some reason) and Malwarebytes (actually detected bad trojans). Not running them simultaneously, of course.

So far, I've reinstalled FF, FileZilla, and everything related to the internet to solve my problem. I ended up reformatting because I ran ComboFix and it messed up a system file (I think, Hell... I don't know).

Attached are my HJT and DDS logs galore, but this is just becoming tiring.

Where can I start? Or, better yet, where can we start and how can I avoid this from happening again?


I'm running XP SP3 on my HP DV9000 laptop. Current versions of ALL software. FML.





#2 jpshortstuff


Posted 06 November 2009 - 03:34 PM

OK, let's manually get rid of the junk showing in your logs, and then see where we stand.

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Defence"=-

    :files
    c:\documents and settings\all users\defence
    c:\windows\system32\YoItzVlad.tmp
    c:\windows\enoqa.vbs
    c:\windows\pupyqokeq.bin
    c:\windows\elexiso.vbs
    c:\windows\ehej.bat
    c:\docume~1\alluse~1\applic~1\itihabi.bin
    c:\windows\lene.bin
    c:\windows\kehicat.pif
    c:\windows\tago.pif
    c:\windows\irikehejonuquc.dll
    c:\windows\Jlifulenelanav.dat
    c:\windows\Bmuxif.bin
    c:\program files\common files\akyryrucu.db
    c:\program files\common files\quvac.dl
    c:\program files\common files\baralyqym.lib
    c:\program files\common files\lyji.inf

    :Commands
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


After that reboots, please run DDS again, along with RootRepeal, and post the logs. Let me know if the computer is running any better.
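An added example, not part of the original thread and not OldTimer's code: a Python check that parses a directive block laid out like the codebox in post #2 and reports which listed files are still present after the move. The section handling is inferred only from the layout of that codebox and is not a description of how OTM parses it; the sample block, the function names and the `exists` hook are constructed for illustration.

```python
import os

# Constructed sample in the same layout as the codebox in post #2.
# The key, value name and paths are placeholders, not taken from the thread.
SAMPLE = r'''
:Processes
explorer.exe
:reg
[HKEY_CURRENT_USER\SOFTWARE\Example\Run]
"ExampleValue"=-
:files
c:\example\one.tmp
c:\example\two.vbs
:Commands
[emptytemp]
[Reboot]
'''

def parse_directives(text):
    """Split a directive block into {section: [lines]}; section names lowercased."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections

def reg_deletions(sections):
    """(key, value_name) pairs for '"name"=-' lines (.reg-style value delete)."""
    out, key = [], None
    for line in sections.get("reg", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.endswith("=-") and key:
            out.append((key, line[:-2].strip('"')))
    return out

def leftovers(sections, exists=os.path.exists):
    """Paths from the :files section that still exist at their original location."""
    return [p for p in sections.get("files", []) if exists(p)]

if __name__ == "__main__":
    s = parse_directives(SAMPLE)
    print("registry values listed for removal:", reg_deletions(s))
    print("still present:", leftovers(s) or "none")
```

Run it on the cleaned machine with the directive block from the helper's post substituted for `SAMPLE`; an empty result means none of the listed files remain at their original paths.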